JP4694077B2 - Computing device for accessing protected content in a rights management architecture - Google Patents

Abstract

A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content. The client components include an object which accesses encrypted content, an object that parses the license and enforces the rights in the license, an object which obtains protection software and data that is individualized for the client and/or the persona operating the client, and a script of instructions that provides individualization information to a distributor of content so that the content may be individualized for the client and/or its operating persona. Content is generally protected by encrypting it with a key and then sealing the key into the content in a way that binds it to the meta-data associated with the content. In some instances, the key may also be encrypted in such a way as to be accessible only by the use of individualized protection software installed on the client, thereby binding use of the content to a particular client or set of clients.

Description

【０１１６】
【表２】

【０１１７】
上記のＸｒＭＬ構造の第一行は、ＸｒＭＬライセンスを作成するのに使用されるＸＭＬ言語のバージョンを定める。第二行は、ＸＭＬファイルを解析するのに使用されるＤＴＤファイルの名称を指定する。ＢＯＤＹタグは、ライセンスの種類、ライセンスが生成されたときに使用されたＸｒＭＬ規格のバージョン、およびそれが発行されたときの日付を提示する。それは、ライセンス全体に対するメタタグで、以下のサブセクション、すなわちＷＯＲＫ、ＬＩＣＥＮＳＯＲ、ＬＩＣＥＮＳＥＤＰＲＩＮＣＩＰＡＬＳおよびＳＩＧＮＴＵＲＥを有する。ＷＯＲＫは、使用権を含めて、ライセンスに関するすべての意味的情報を含む。このフィールドのコンテンツ（タグを含む）は、ハッシュされ署名されたデータを構成する。ＬＩＣＥＮＳＯＲは、ライセンスを発行したエンティティ、通常は小売店に関係する情報を含む。ＬＩＣＥＮＳＥＤＰＲＩＮＣＩＰＡＬＳは、ライセンスに指定された使用権を行使するときに認証しなければならない一連の原理を含む。
【０１１８】
ＳＩＧＮＡＴＵＲＥは、ＬＩＣＥＮＳＥＢＯＤＹのハッシュ／ダイジェスト、ならびに使用されたアルゴリズムを含めて、ハッシュがどのようにして作成されたかに関する情報を含む。また、それは、ライセンスを発行するときにライセンサが名付けたアルゴリズムに従って暗号化されたＤＩＧＥＳＴを含む。ＤＩＧＥＳＴおよびＳＩＧＮＡＴＵＲＥタグは、改善することができないようにしてライセンス全体を検証するのに使用される認証情報を提示する。
＜ＢＯＤＹタグの構造＞
ＸｒＭＬライセンス構成体の主要タグはＢＯＤＹタグで、以下のタグを含む。
【０１１９】
【表３】

【０１２０】
【表４】

【０１２１】
【表５】

【０１２２】
【表６】

【０１２３】
【表７】

【０１２４】
【表８】

【０１２５】
【表９】

【０１２６】
【表１０】

【０１２７】
【表１１】

【０１２８】
【表１２】

【０１２９】
【表１３】

【０１３０】
＜ライセンス認証＞
セキュアリポジトリ８２は、ＳＩＧＮＡＴＵＲＥおよびＤＩＧＥＳＴタグを介してライセンスを認証する。これは、表示されているコンテンツが信用ソースからのものであることをクライアントソフトウェアが検証できるようにしている。これらのタグのより詳細な例を以下に提示する。
【０１３１】
【表１４】

【０１３２】
前述の例は単に説明を目的として提示したもので、どの点からしても本発明を制限するものとして解釈されるべきではないことがわかる。様々な実施形態を参照しながら本発明を説明したが、ここに用いられている用語は説明および例示についての用語であって、制限についての用語ではないことが理解される。さらに、ここでは特定の手段、材料および実施形態を参照しながら本発明を説明したが、本発明はここに開示された特定のものに限定されるのではなく、添付の請求項の範囲に含まれる機能的に同等のあらゆる構造、方法および用途に広げられる。本明細書の教示の恩恵を受ける当業者は、それに対する多くの改造を成し遂げることができ、本発明の範囲および主旨から逸脱することなくその態様に変更を加えることができる。
【図面の簡単な説明】
【図１】 本発明の態様を実施することができる典型的なコンピューティング環境を示す構成図である。
【図２】 本発明によるデジタル権利管理システムの態様を実施するクライアントアーキテクチャの第１の実施形態の構成図である。
【図３】 本発明によるデジタル権利管理システムの態様を実施するクライアントアーキテクチャの第２の実施形態の構成図である。
【図４】 典型的な電子ブック（ｅＢｏｏｋ）タイトルファイルフォーマットを示す図である。
【図５】 リーダ起動処理を示す流れ図である。
【図６】 本発明によるデジタル権利管理システムを使用してｅＢｏｏｋの選択、取得および読取りを行う典型的な処理を示す流れ図である。[0001]
(Cross-reference to related cases)
This application is a US Provisional Application No. 60 / 172,319, filed December 17, 1999, entitled “System and Method for Digital Rights Management”. And the benefit of US Provisional Patent Application No. 60 / 172,318, entitled “System for Distributing Content Having Multilevel Security Protection”.
[0002]
(Field of Invention)
The present invention relates generally to distribution of electronic content, and more particularly to systems and methods for accessing protected content in a rights management architecture.
[0003]
(Background of the Invention)
As the availability and use of computers and palm-sized electronic devices has increased, it has become common to transmit and view documents electronically. As the speed and functionality of communications with infrastructures such as the Internet improve, the movement to provide rich services and content to devices has become extremely active. Services and content that can be provided include works such as books or text materials. Electronic distribution of text documents is faster and less expensive than traditional paper copy distribution. The same principle applies to content other than text, such as audio and video, and electronic distribution of the content is generally faster and cheaper than distribution of the content over conventional media (eg, magnetic tape or optical disk). . However, the low cost and immediacy of electronic distribution, along with the ease of copying electronic content, contradicts distribution management that protects the rights of the owner of the distribution.
[0004]
Once an electronic document is transmitted to one party, it can be easily copied and distributed to others without the approval of the owner of the rights in the electronic document or often without the owner knowing it. This type of unauthorized document distribution can deprive authors or content providers of royalties and / or income. The problem with many current distribution schemes is that there are no provisions to protect ownership. Other systems attempt to protect ownership, but are cumbersome, inflexible, and can be viewed / read by the purchaser (or in the case of non-text content such as music or video) Reproduction of things is difficult.
[0005]
In view of the above, there is a need for an improved digital rights management system that is flexible and easy to use while allowing electronic works to be distributed to purchasers while protecting the rights of the owner. There is also a need for a system that can operate on several client platforms, while providing a flexible level of security and allowing the purchaser to view / play electronic content on each platform.
[0006]
The digital rights management system of the present invention protects the content owner's intellectual property and enables the author or other content owner to receive rewards for their creative efforts while providing protection to the purchaser. It advantageously provides a solution to the above-mentioned problem that prevents excessive burdens.
[0007]
(Summary of Invention)
An architecture for a content playback client in a digital rights management ("DRM") system is provided. The architecture includes a playback application (eg, a text viewing application or “reader”) that plays content protected by the DRM system. The architecture also includes various security functions that prevent unauthorized distribution or unauthorized use of protected content, as well as software components that allow the security functions to be navigated to play the content in a suitable client environment.
[0008]
Unprotected, source sealed, individually sealed (or registered), source according to the provided architecture signature , And content can be protected at multiple levels including full personalization (or “owner-only”). “Unprotected” content is distributed in unencrypted form. “Source Sealed” and “Individual Sealed” content is encrypted and an encryption key (encrypted and sealed with specific rights management data associated with the content so that the key cannot be retrieved if the rights management data changes) Bundled with “content key”).
[0009]
The difference between a “source” seal and an “individual” seal is that the “individual seal” content contains information related to the legitimate owner (eg, owner name, credit card number, receipt number, or transaction ID for a purchase transaction) ) In the rights management data, so that this information cannot be deleted from a working copy of the content, allowing for illegal distribution searches. The particular type of information included is determined by the copy retailer.
[0010]
" signature "The content is encrypted so that the playback application can verify its authenticity or the authenticity of its distribution path. signature Is done. “Completely personalized” content is not just sealed with rights management information, but is issued to only a specific client or group of clients to limit the use of that content to a limited number of installations. And an decryption key encrypted so that it cannot be accessed without "activation authentication". “Fully personalized” content also includes a license that specifies the rights that the user can exercise with respect to the content.
[0011]
In one embodiment of the present invention, a client is used to read a book or text that is distributed to the client in a file that retains the protection described above. Preferably, client software and data related to content protection and usage are playback applications (referred to as “readers” if the content is text);
An “management” component that opens protected content and certain other cryptographic functions;
Information regarding installation of reader applications and / or “activation” status, as well as “activation” authentication required by distributors to provide “fully personalized” content whose decryption is limited to a specific set of readers Software objects that provide information to content distributors;
As well as a “launch” software object that performs the function of obtaining a secure repository and activation credentials for installation on the client.
[0012]
Preferably, the activation software object is embodied as an ACTIVEX control, and the object providing information to the content distribution site is as an ACTIVEX and / or browser plug-in wrapped into one or more Java description functions. Embodied. Furthermore, the managed object is preferably operable by the reader application via an API exposed to the reader application.
[0013]
Preferably, the content key of the fully personalized content is encrypted according to a public / private key pair associated with a specific activation authentication, and a copy of the activation authentication is the same “complete individualization” on multiple devices owned by one person. "Can be provided to various client devices owned or used by a particular person (or" person ") so that the content can be read, while others who own similar devices Since the necessary activation authentication is not issued for the same, the same “fully personalized” content cannot be read, thereby restricting the spread of completely personalized content.
[0014]
Other features of the present invention are described below.
[0015]
The foregoing summary, as well as the following detailed description, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, it will be understood that throughout the several views of the drawings, like reference numerals designate like parts, and that the invention is not limited to the specific methods and instrumentalities disclosed.
[0016]
(Detailed description of the invention)
The present invention is directed to a system for processing and distributing electronic content that can protect the content at multiple levels. Although preferred embodiments of the present invention directed to electronic book processing and distribution are described, the present invention is not limited to electronic books and includes any digital content such as video, audio, software executables, data, etc. Can do.
[0017]
<Overview>
The success of the ebook industry will surely require existing book buyers to have an impressive, safe and friendly experience for acquiring all kinds of text materials. Such materials can include “free” or inexpensive materials that require very little copy protection, and “specialized” ebook titles (here “eBook”) that require comprehensive rights protection. . Requires a lower level of protection while ensuring a high level of copy protection for publications that require copy protection in order to enable a smooth distribution from the current distribution to print and retail models to electronic distribution systems There must be an infrastructure to support the distribution of titles.
[0018]
The digital rights management (DRM) and digital asset server (DAS) system of the present invention advantageously provides such infrastructure. The present invention makes it more desirable to purchase an eBook than to "stolen" (e.g., illegally copy) an eBook. Non-interventional DRM systems increase the likelihood of compensating piracy by increasing sales / distribution in the form of eBooks while minimizing the risk of piracy. Furthermore, the present invention provides retailers with a system that can be quickly deployed at low cost.
[0019]
The primary users of the system are publishers and retailers who use and / or deploy the system to ensure the legality and copy protection of the content they sell. Typical users of the system may be traditional publishers, “state-of-the-art” publishers and “Hungry authors”. Traditional publishers are more likely to be concerned about the loss of revenue from print publishing operations due to eBook piracy. State-of-the-art publishers are not necessarily concerned about one-off copyright infringement, and can understand that eBook commerce is most effective in a system where consumers develop purchasing habits. On the other hand, a Hungry author who earns revenue commensurate with the number of sales of his work, Author The name of the work will be attached to the work forever).
[0020]
As described in more detail below, the DRM system of the present invention enables legitimate use by consumers by supporting various "levels" of protection while achieving its goal by protecting the work. .
[0021]
At the lowest level (level 1), the content source and / or provider may choose unprotected by an unsigned and unsealed (clear text) eBook that does not include a license.
[0022]
The next level (level 2) protection means that the content has been encrypted and sealed with a key, which is done using a cryptographic hash of the eBook title metadata (see below), and the content It is a “source seal” that requires a key to decrypt
[0023]
The source seal prevents tampering with the content and accompanying metadata after sealing the title, as any changes to the metadata make the title unusable, but the source seal guarantees authentication of the title copy (Ie, the source seal does not provide a mechanism for distinguishing between legitimate and illegal copies). In the case of “Hungry Authors”, the attribution goal of “Hungry Authors” can be met by including the author's name in the metadata and permanently attaching it to the content.
[0024]
The next level of protection (“Level 3”) is “Individual Sealing” (or “Registration”). The “individual seal” title is information that is associated with the purchaser whose metadata is legitimate (for example, the user's name or credit card number, transaction ID, or receipt number from a purchase transaction). It is an eBook that includes information so as to be attached to the content by encryption. This level of protection will prevent people from distributing copies of the title because it is easy to detect the source of the unauthorized copy (and metadata including information relevant to the buyer) If any change is made, it becomes impossible or at least very unlikely to open the necessary decryption key).
[0025]
The next level of protection (level 4) is “source signature”. The source signature eBook (which will be discussed in more detail below, is a user application that allows the eBook to be read by a computing device such as a PC, laptop, personal digital assistant (PDA), pocket PC or application specific reading device. It is a title that can be authenticated by a “reader”.
[0026]
Authentication is in three ways: a “tool signature” that ensures that the eBook title has been generated by a trust conversion and encryption tool;
"Owner signature", which is also a tool signature eBook that guarantees authentication of the content of the copy (the owner may be the author or the copyright holder);
Also, it is preferable to be defined by a “provider signature” which is a tool signature eBook that demonstrates the authentication of the provider (content publisher or retailer).
[0027]
“Tools”, owners and providers can each have their own asymmetric key pair to facilitate the creation and verification of digital signatures of information. The title may be both a provider signature and a source signature that facilitate authentication of the title's distribution path (eg, through a signature chain of copies). The strongest level of protection is “complete personalization” or “owner limited” (level 5). A “Personalized” title is registered to a person from a reader (or multiple readers) by allowing it to be opened only by an authenticated reader application that “wakes up” for that particular user. Prevent porting of titles to no readers.
[0028]
In order for the reader of the present invention to open a level 5 protected title, the reader must be “activated” (ie, the device in which the reader is embedded has activation authentication for a specific person and a secure repository) Must be). The activation process will be described in detail below with reference to FIG.
[0029]
The system of the present invention provides an architecture for sharing information among readers, content providers, and content sources, a method for "sealing" titles at various levels using the information, and a method for composing the information. It is also what is defined. The availability of these selections allows the content source to select which content is sold to which user (if protection is applied) with which protection. Specific information that can be used to sign and / or seal the title for use by the reader and can be adapted (in the case of level 5 it can be a reader activated for a specific person) Can open the title and enable eBook reading.
[0030]
<System architecture>
As shown in FIG. 1, a typical system for implementing the present invention includes a system bus 23 that couples various system components including a processing unit 21, system memory 22, and system memory 22 to the processing unit 21. A general-purpose computing device in the form of a conventional personal computer or network server 20 including
[0031]
The system bus 23 can be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 24 and random access memory (RAM) 25. Stored in ROM 24 is a basic input / output system 26 (BIOS) that includes basic routines that help to transfer information between elements within personal computer 20 at startup and the like. The personal computer or network server 20 includes a hard disk drive 27 for reading and writing to a hard disk (not shown), a magnetic disk drive 28 for reading or writing to a removable magnetic disk 29, and a CD-ROM or other An optical disc drive 30 for reading or writing to a removable optical disc 31 such as an optical medium can be further included.
[0032]
The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical drive interface 34, respectively. The drives, and their associated computer readable media, provide non-volatile storage of computer readable instructions, data structures, program modules, and other data for the computer or network server 20.
[0033]
In the exemplary environment shown here, a hard disk, a removable magnetic disk 29 and a removable optical disk 31 are employed, but a magnetic cassette, flash memory card, digital video disk, Bernoulli cartridge, random access memory (RAM), read Those skilled in the art will appreciate that other types of computer readable media that can store computer accessible data, such as dedicated memory (ROM), can also be used in a typical operating environment.
[0034]
An operating system 35 (eg Windows® 2000, Windows® NT or Windows® 95/98), including one or more application programs 36, other program modules 37 and program data 38 Several program modules can be stored in the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25.
[0035]
A user can input commands and information into the personal computer 20 via an input device such as a keyboard 40 or a pointing device 42. Examples of other input devices (not shown) include a microphone, a joystick, a game pad, a satellite disk, and a scanner. These and other input devices are often connected to the processing unit 21 via a serial port interface 46 coupled to the system bus 23, but may be a parallel port, game port, universal serial bus (USB) or 1394 high speed. It can also be connected by other interfaces such as a serial port. A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the monitor 47, personal computers typically include other peripheral output devices (not shown) such as speakers and printers.
[0036]
Personal computer or network server 20 may operate in a networked environment using logical connections to one or more remote computers, such as remote computer 49. The remote computer 49 may be another personal computer, other network server, router, network PC, peer device or other common network node, although only the memory storage device 50 is shown in FIG. Specifically, it includes many or all of the elements described above for the personal computer 20. The logical connections shown in FIG. 2 include a local area network (LAN) 51 and a wide area network (WAN) 52. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
[0037]
When used in a LAN networking environment, the personal computer or network server 20 is connected to the local network 51 via a network interface or adapter 53. When used in a WAN networking environment, the personal computer or network server 20 typically includes a modem 54 or other means for establishing communications over a wide area network 52 such as the Internet.
[0038]
The modem 54 may be an internal modem or an external modem, and is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules shown for a personal computer or network server 20, or a portion thereof, can be stored in the remote memory storage device 50. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers can be used.
[0039]
<Client architecture>
Referring now to FIG. 2, a first exemplary client architecture 90 according to the present invention is shown. The client architecture 90 may be implemented on the personal computer 20 of FIG. 1 or other suitable computing device, such as a palm-sized computer, laptop computer, or application-specific closure device for reading eBook titles. . The client architecture 90 includes a reader shell 92 (or “Reader 92”) for reading eBook title 10 and a web browser 102 (eg, MICROSOFT® INTERNET EXPLORER browser) for contacting a retailer / distributor site. . A cryptographic transformation is provided that can be a plug-in for Information Technology Storage System (ITSS) 5.2 96.
[0040]
Cryptographic conversion is a software component that will open the content key and decrypt the content stream emanating from the eBook file or “LIT file” 10 (shown in FIG. 4). This cryptographic conversion is preferably implemented as an extension to the existing ITSS 96 code used by the reader 92 for the LIT file 10.
[0041]
This extension is instantiated every time the encrypted content is accessed. The name of the buyer (or other information relevant to the buyer) (for example, in the case of individually sealed titles that include the buyer's name and other identifying information in the metadata) for each title A bookplate API 94 is provided that returns from the cryptographically hashed bookplate stream 14C in the ten DRM storage objects 14. The column returned by this function can be used for the cover page 100 to identify the legitimate owner of the title 10. An example where the columns are user names is shown in FIG.
[0042]
When the user clicks on the displayed name or cover page copyright notice / icon (tap on a touch screen device), a dialog box is displayed that highlights the copyright-protected nature of the publication. Can do. The local store 98 is preferably a directory or folder in which eBooks can be stored (as will be described below with reference to FIG. 4, eBook 10 is a file containing book content as well as other information).
[0043]
For example, if the architecture 90 is implemented on a device operating under any of the MICROSOFT WINDOWS® operating systems, the local store 98 may simply be a directory called “C: MyLibrary”. Browser 102 is a typical browsing program (such as a MICROSOFT INTERNET EXPLORER browser or a NETSCAPE NAVIGATOR browser). Use it to contact retail sites that sell eBooks and engage in transactions with those sites. In some cases, the reader 92 may have a “integrated book store” that contacts retail sites and facilitates shopping without using the common browsing application 102.
[0044]
Referring now to FIG. 3, a second exemplary client architecture 90 'is shown. In the second client architecture, like the first client architecture, the same reference numerals represent the same elements, and therefore, description of these similar elements is omitted to avoid repetition. The DRM manager 80 is a component that reveals a set of internal APIs to the reader 92. Content decryption, key opening, and return of a book plate string (for example, a display user name in the case of level 3 or level 5 titles) In addition, the authentication of the application requesting access to the encrypted LIT file is managed.
[0045]
For example, the code for reader 92 may include a call to an interface that is part of an API that calls a computer-executable instruction to perform any one of the above functions. Computer-executable instructions can be embodied in a dynamic link library (DLL) used for the COM object and / or reader 92.
[0046]
To address technology updates (ie, some DRM technologies, some of which were not yet developed when the code for reader 92 was created, make reader 92 transparent despite certain APIs. Various versions of COM objects and / or DLLs can be provided (to allow it to function).
[0047]
In one example, the developer / administrator of architecture 90 'can provide interface specifications or instructions (eg, a set of method names / labels for the API) to the developer of reader 92, and then a DLL or COM object ( Alternatively, continuous DLL and COM objects) can be provided to users of client architecture 90 '. In another example, the developer / administrator of architecture 90 ′ may be the same entity that provides reader 92 and defines an API for DRM manager 80 to facilitate communication with various components of architecture 90. Can do.
[0048]
The secure repository 82 is an executable file that is downloaded during the startup process and allows the reader to open a fully personalized (level 5) eBook (LIT file). The secure repository 82 is preferably unique (or nearly unique) for each computing device (eg, PC or application-specific reading device) in which the architecture 90 'is implemented. The secure repository 82 holds a secret key necessary to open a level 5 protected title. The secure repository 82 can be obtained during the startup process (described below). In one example, the computing device on which the architecture 90 'resides (via a network such as the network 52) is based on hardware associated with the computing device (eg, a serial number or other number associated with that hardware). ), Uploading a hardware ID that uniquely identifies the device to a “secure repository server” (not shown).
[0049]
The "secure repository server" then downloads to the computing device a secure repository whose code is based on the computing device in which the architecture 90 'is embodied, and preferably whose correct execution is bound to the computing device. The secure repository performs functions including opening the content key as well as applying a unique secret key used for decrypting the content.
[0050]
In an exemplary embodiment, the level 5 title content is encrypted with a symmetric key, the symmetric key is encrypted with a public key included in the activation authentication, the encrypted symmetric key is sealed with the title, and the activation authentication The private key is included in the activation authentication in a format encrypted with the public key of the secure repository 82. In this example, the secure repository 82 decrypts the activation authentication private key using the secure repository 82 private key, and then decrypts the symmetric key using the activation authentication private key. A system and method for creating secure repository 82 is described in local agent case record number MSFT-0126, filed concurrently with the present application and specifically incorporated herein by reference in its entirety.
[0051]
The activation ACTIVEX control 84 is a component used by the client computing device during the activation process (see below). Preferably, ACTIVEX control 84 is used by a browser (e.g., MICROSOFT INTERNET EXPLORER browser), which then has reader 92 as the host device (although ACTIVEX control 84 can also be run by a standalone browser). .
[0052]
The activation ACTIVEX control 84 verifies the server (eg, “activation server”) to which the reader 92 (or the computing device on which it resides) is connected, computes the hardware ID, and secure repository 82 (and associated activation authentication). Demonstrate how to prepare for downloading and authenticating and installing downloaded executables. For example, the reader 92 (or other software component) can include an instruction that detects whether the reader 92 has been activated and, if not already activated, one or more instructions to the activate ACTIVEX control 84. Can be issued to perform activations, and these instructions can include instructions for performing the operations described above.
[0053]
The web commerce object 86 is distributed as an ACTIVEX control and a NETSCAPE NAVIGATOR (R) plug-in. It can be used by retailers via client-side scripting when selling fully personalized copies (ie level 5 protected copies). This COM object 86 is preferably wrapped by the actual method, as well as client-side script functions that extract the basic differences between plug-ins and ACTIVEX controls.
[0054]
Important methods provided by the web commerce object 86 and the accompanying interface include detection of installation of the reader 92, detection of the activation state, start-up of the reader activation process (see FIG. 5), activation of the reader Search for the encrypted PASSPORT ID, and search for activation authentication (preferably encrypted) when downloading a fully personalized copy (level 5 protection).
[0055]
For example, a script (such as a Java® script) may be distributed to an eBook retail store and included in the retail store web page. The script can reveal a function call that implements the above method, and whether the script is executed by a MICROSOFT INTERNET EXPLORER browser or a NETSCAPE NAVIGATOR browser (first case) In the second case, use a plug-in). A retail store can effectively transmit instructions to be executed on the client computing device by transmitting a script that defines the function call along with script instructions that invoke the function.
[0056]
For example, a retail store may wish to detect whether the reader 92 is installed on a client computing device, so that the retail store defines a function that detects whether the reader 92 is installed. A web page containing a registered trademark script can be transmitted to the client device with instructions to invoke its functionality. The detection function itself can include code to perform an ACTIVEX control or plug-in detection function depending on the brand of browser in which the script is executed. In this way, a particular browser is transparent to the retail store, and the retail store can create a single web page that performs any of the above functions in any browser.
[0057]
<EBook file structure>
Referring now to FIG. 4, an exemplary eBook (or “LIT”) file structure is shown. The eBook 10 is content 16 that is a book-like text (or any electronic content such as audio or video) that is itself encrypted and / or encrypted with a sealed key (“content key”). including. In a preferred embodiment, the key is a symmetric key 14 that is sealed with a cryptographic hash of metadata 12 or, in the case of a level 5 title, a public key for user activation authentication. This key is stored as an individual stream in the secondary storage unit of the eBook file (stream 14A of the DRM storage device 14 in FIG. 4). Or Is stored in the license for level 5 titles. (In the case of a level 5 title, instead of storing the content key as a separate stream, stream 14A includes a license that is a construct that defines the rights that a user can exercise when purchasing the title. The content key is included in the license).
[0058]
The DRM storage 14 includes a source stream 14B that can include the name of the publisher (or other content source), and consumption as provided by the retailer for individual sealed (level 3 and / or level 5) titles. A bookplate stream 14C is included that includes the name of the consumer (eg, a name that can be obtained as part of a commercial transaction to purchase eBook 10 as obtained from consumer credit card information).
[0059]
The method of calculating the cryptographic hash that encrypts and / or seals the symmetric key 14C (or uses the cryptographic hash to seal the key) is known only to the trusted content creation tool and the trusted playback application. “Confidential matter” is preferred. By using a hash in this way, falsification of the metadata 12 included with the eBook 10 can be complicated / prevented. It can be seen that any method can be used to “seal” an eBook as long as it provides some anti-tampering measure for the eBook.
[0060]
In accordance with the present invention, the metadata 12 can include a copyright tag that describes the rights granted to the user or purchaser by the content source (eg, publisher). As long as the tag exists, for example, the user displays it on the cover page 100 (shown in FIGS. 2 and 3) in the case of an individual sealed copy Or If you tap the name displayed on the "Copyright Notice" link that can also be displayed on the cover page 100 (in the case of a source sealed copy with a copyright tag), the reader 92 will display the text contained in the tag. Can be displayed to the user. If the copyright is not included in the metadata 12 by the content source, but the eBook title is individually sealed (level 3), the reading application (eg, reader 92) based on the disclosure system may send the following message or A true copyright notice such as a similar message can be displayed.
[0061]
“This electronic publication may be in any form or by any means such as electronic means, mechanical means, printing, copying, recording, etc., or by any information storage or retrieval system. Reproduction, redistribution or re-transmission without the written consent of is completely prohibited. " The action of displaying a copyright notice serves to prevent typical users from attempting to copy their eBooks, and to make the user aware that they are viewing proprietary material. The notification can be displayed at an arbitrary point in time when viewing the eBook when it is considered advantageous.
[0062]
<Starting the reader>
As described above, activation enables the reader client for purchase, download and viewing of fully personalized (ie level 5) eBook titles. Computers running one of the MICROSOFT WINDOWS® operating systems (or other general purpose operating systems) basically allow anyone to debug the execution process to hack the security of any application, Establishing a security framework around the reader client is essential to provide true copy protection / prevention in order to open a platform that can create "patches" (software remodeling modules). “Activation” is processing for establishing this framework for the reader 92.
[0063]
The activation process is preferably performed using a “namespace authority” such as MICROSOFT (registered trademark) PASSPORT (trademark) as the activation database. Use of PASSPORT ™ is advantageous because it enables the activation authentication by the user to be linked to the person. The “person” used here can be linked to the user, and the user name and password format in the web browser used for out-of-band processing (secure socket layer (SSL) is It is a unique identifier that can be reliably authenticated by a typical embodiment of the process.
[0064]
Using the “person” schema, each person can read the purchased title with any reader activated using the “person” who purchased the title based on it. In addition, the activation information can be made available to a plurality of vendors once started so that server-to-server communication between the vendor and the startup authority is not required while reducing concern about privacy.
[0065]
Next, processing for starting the reader will be described. When a user purchases a use-specific eBook reader device or obtains reader software for a PC (for example, via a CD-ROM 31 or download via a wide area network 52 such as the Internet), the user starts the reader for the first time. Sometimes it is recommended to activate the reader (eg immediately after setup for a laptop / desktop application).
[0066]
For example, each time a reader is started, it can be checked whether it has been activated (other software objects can also check whether the reader has been activated). If the reader has not been activated, the reader displays a dialog box informing the user that premium titles that require full personalization (ie level 5 protection) cannot be obtained. An example of the notification is shown below.
[0067]
Congratulations on installing the Microsoft (R) Reader
The Purchase and download premium titles protected against distribution
To make your reader available to the
Must be started.
[0068]
The dialog may include a button that allows the user to activate reader 92 (eg, the dialog box marked 2 "Launch Reader Now" and "Launch Reader Later"). Can display two buttons). When the user is not interested in acquiring the title of level 5, if this is checked, the reader stops displaying the startup message at the start, accompanied by a message such as “Do not display this message in the future” A “check box” can be included in the dialog box. If the reader is already activated, the PASSPORT ID or person ID of the last user who activated the reader is displayed in the “splash screen” such as “activated for <person>”. Become. The user can also shop with a stand-alone browser while activating the reader from any retail website.
[0069]
In this scenario, the merchant can utilize the reader web commerce object 86 and associated script wrapper API to cause the link and / or button that initiates the reader 92 to be displayed as a separate process. For example, the contractor starts the reader 92 as an activation function, and then provides a script function that guides the activation process to the user as if the user had started the reader by starting the reader himself. Can be included. (As mentioned above, a script function can be initiated using an ACTIVEX control or plug-in depending on the type of browser on which it is executed).
[0070]
The merchant first detects whether the reader 92 is activated and issues an instruction (using the web commerce object 86 and associated script wrapper) to start the activation process only if the reader 92 has not been activated. It can also be included in a web page. In other scenarios, the reader 92 uses the reader's “integrated book store” functionality (eg, a feature that allows users to shop on various websites selling eBooks without using a browser). It is also possible to start the activation process from the “integrated book store” function (or part thereof) of the reader 92.
[0071]
If the user decides to activate the reader 92, the activation process may include the steps shown in FIG. In step 150, the reader client opens up the “integrated book store” section and connects to the activation service via Secure Socket Layer (SSL), where the user is required to log in using the PASSPORT ™ certificate. (Step 152). If the user does not have a PASSPORT ™ account, it will be provided at the time of linking for signing up for it (step 154). Preferably, the activation server is hard-coded into the activation ACTIVE control 84 using an SSL connection so that the client can guarantee that the server is truly the activation server.
[0072]
If the user is authenticated by PASSPORT ™ (step 156), the PASSPORT ™ API is checked against the user alias and email address (step 158). Thereafter, in steps 160-162, the activation server determines that the client (via the ACTIVEX control) (as described above) a hardware component on the user's computing device that substantially uniquely identifies the user's computing device. Upload a unique hardware ID (which can be derived from). Next, it is determined whether this is the first activation for the reader 92 (step 164). (In some cases, the reader can be activated multiple times with different PASSPORT IDs. If the reader 92 has already been activated with another PASSPORT ID, a warning as shown in step 166 is displayed).
[0073]
If it is determined in step 164 that this is a new activation, it is determined whether the user has activated more than five readers in the last 90 days. If so, an error message including a support telephone number is displayed at step 172, and the process ends at step 198.
[0074]
As described above, the limitation of keeping the number of readers activated within the past 90 days to no more than five is merely exemplary. Limiting reader activation by time and number helps to prevent the widespread distribution of level 5 eBook titles that can be viewed by thousands (or millions) of readers worldwide.
[0075]
However, the limitation of “5 readers in 90 days” in the example of FIG. 5 is merely illustrative because other limitations on activation can be imposed without departing from the spirit and scope of the present invention. For example, by permitting an additional activation when a predetermined period has elapsed, for example, by permitting one additional activation after 90 days following the limit of a total of 10 activations, FIG. It is possible to expand the indicated activation restrictions.
[0076]
If the number of readers activated by the user within 90 days is less than 5 (or activation of the reader 92 is not prohibited), an activation page for the user to fill in is displayed (step 170). If the user transmits the form in an incomplete form (detected in step 174), the page will be redisplayed until the user completes the form.
[0077]
Next, in step 176, it is determined whether the current activation is recovery (ie, an attempt to "reboot" a reader that has been activated but has become unusable or unusable for some reason). To do. If the current activation is not recovery, a new record is created for the user and reader, and the number of readers associated with the user is incremented (step 180). The previously generated secure repository key pair is retrieved from the database (step 182), and activation authentication is also generated (step 184). (As mentioned above, activation authentication can include a public / private key pair in which the private key is encrypted with the public key of the secure repository key pair).
[0078]
In step 186, the activation key, user ID, and device ID are stored in a database (not shown). Preferably, any new secure repositories that do not retain their secure repository keys and need to be created and distributed in the future will have a new key pair (and will be distributed with the new secure repository) Activation authentication may include a retained activation key pair, but the private key is encrypted against the (new) public key of the (new) secure repository).
[0079]
If it is determined in step 176 that this activation is recovery, an activation certificate is generated using the public / private key pair stored from the previous activation (step 178) (the public / private key pair is In step 186, it is retrieved from the stored database), and processing continues at step 188.
[0080]
In step 188, the activation server generates a secure repository execution file 82. Preferably, the secure repository executable 82 is digitally signed, based on and / or associated with the device ID. The activation server also generates an activation certificate that is tied to the user's person, preferably via the user's PASSPORT ™ ID. The secure repository execution file 82 and activation certificate are then downloaded to the client (steps 188 and 190).
[0081]
The activation authentication is encrypted at download time (eg, to protect any information contained in the authentication associated with the person with whom it is bound). The activation authentication is later uploaded to a “download” or “fulfill” server through an eBook acquisition process described below in connection with FIG. 6 (ie, as part of the process of acquiring a level 5 title). The user's PASSPORT ™ ID is encrypted and recorded in the PC registry as part of this download (when the reader 92 is installed on a computing device with a registry) for uploading during commerce. The The PASSPORT ID that was stored when the Level 5 title was obtained The By storing the PASSPORT (trademark) ID separately from the activation authentication (even if it can be included in the activation authentication) so that it can be compared with the PASSPORT ID in the activation authentication, it contributes to prevention of content theft. .
[0082]
In step 192, it is determined whether the secure repository 82 and activation authentication have been successfully downloaded. If unsuccessful, log the event and attempt to download again (steps 194 and 192). If the download is successful, at step 196, the user will be “celebrated” to launch the reader 92 and a page will be provided that informs them that the launch process has been completed.
[0083]
In one example, the page may include a link that can obtain a “promotional” or “free” eBook. This link will change depending on the promotion (ie, if “advertisement” changes, the server can download different pages with different links). This link can also take the user back to the library page on the reader using the method revealed by the activation ACTIVE control 84. Next, in step 198, the process ends.
[0084]
<Flow of electronic commerce processing>
Next, an outline of a basic process for acquiring and distributing an eBook title online will be described with reference to FIG. It can be seen that the reader of the present invention is configured to interact and operate within a server environment. The exemplary server environment is described in local agent case record number MSFT-0124 filed concurrently with this application, specifically incorporated herein by reference in its entirety.
[0085]
Using the “integrated book store” function of the browser or reader 92, the user visits the retail site and selects a book for the retail store to perform (step 200). For example, the site may provide web pages that display (as links) various books that the user may wish to purchase.
[0086]
The user then pays for the title, such as by presenting a credit card number (step 202) (or by checking the stored credit card number if the user has an account for the site). (In one mode of use, the user's PASSPORT ID can be matched to the number or account). In step 204, the transaction is completed with a receipt page. The receipt page can include information that "confirms" the order or expresses gratitude for the order, and includes a link (HTTP POST request) to download each purchased title. For fully personalized titles (level 5), the client-side script occupies the POST body with activation authentication via the web commerce object 86 (eg, using the web commerce object 86 to the retailer's site). Search for activation credentials to provide).
[0087]
In one example, activation authentication can be provided to the retailer's website, which then creates an HTTP request (ie, a POST request) that includes a cryptographic blob (within the body of the POST). The HTTP request (including the cryptographic blob) is then displayed as a link at the client site, and the client clicks on the link to download the purchased title (as described below). In this typical scenario, HTTP requests and cryptographic blobs (preferably generated by retailers involved in the fulfillment site) are information that identifies the specific eBook provided to the purchaser, as well as the order that the fulfillment site is an eBook. Contains information that proves to the fulfillment site that the cryptographic blob has been generated by the intended retailer who has agreed to fulfill.
[0088]
Furthermore, when purchasing a level 5 title, the client-side software adds activation authentication to the POST body, encrypts the eBook symmetric key, and can be used as a reader activated for the user's person. Like that.
[0089]
In step 206, clicking on any of the links will cause the browser to begin downloading from the download or “fulfill” server specified on the receipt page. For an individual seal ("registration") copy, the download server adds the consumer's name (or other identifying information determined by the retail site, such as the user's credit card number or transaction ID) to the title metadata, then Re-seal the symmetric key using a new cryptographic hash obtained from the new metadata containing the identification information. (The specific information to be included is determined by the retail store and provided as part of the cryptographic blob in the body of the POST). For the fully personalized copy (level 5), in addition to creating the book plate, a license is generated and embedded in the LIT file. This license includes a symmetric key obtained by encrypting the LIT file “sealed” with the public key in the activation authentication. When the download is complete (step 208), the download server records the transaction and the reader 92 can be automatically started on the client (step 210).
[0090]
At this point, the title can be moved into the local store / LIT store 98 or other folder or directory designed to store eBook titles. When the reader 92 is started, the eBook can be opened for the cover page 100.
[0091]
According to the present invention, there is no clear difference between level 3 and level 5 protected titles from the end user's perspective. Both include a book plate (for example, the name of the user is included on the cover page 100). The user recognizes the difference only when the reader 92 tries to move the level 5 eBook to an installation that has not been activated for the person who purchased the eBook. In this case, the level 5 title is not opened by the reader 92, and the level 3 title is opened.
[0092]
<DRM system client usage scenario>
The DRM system architecture is guided by several scenarios that eBook consumers encounter. An exemplary scenario is described below. The scenario impulsively purchases a book, reads the book with multiple readers 92, activates the reader 92, and recovers a lost or damaged title. These scenarios vary according to the level of copy protection chosen by the publication provider. Such variability will in some cases affect the user to determine what the user should do to obtain and open a title for one or more readers 92.
[0093]
<Impulse purchase and reading of books>
When a consumer scans a retail store's website using a web browser or “book store” function in the reader application 92, they select a book to purchase (eg, build a “shopping cart”). ), Proceed to checkout according to retail site rules and / or procedures. Depending on the level of protection associated with the selected title (eg, the retail site, instead the retail site may be determined by the content owner distributing the eBook), the retail site requests information that uniquely identifies the consumer To do. (For example, if the title is protected at level 3, it is (preferably) trusted source so that detection cannot be avoided if the user purchases the title with a pseudonym or the title is illegally distributed. The user's name is retrieved from and included in the metadata, in this scenario, other information that can track the buyer from it, such as the user's credit card number or transaction ID, can be used to meet the same objectives Is).
[0094]
If the title is protected at level 5, the retail site will use an activation certificate (preferably obtained by using the web commerce object 86 as an associated script wrapper) to properly encrypt the content key. Will also need it. If the customer / browser is unable to provide the necessary information to complete the transaction, the retail site will take the necessary steps (e.g., the process and how to perform and / or follow hyperlinks). To customers (in the form of a web page explaining what they can offer). Once the transaction is completed, the customer receives a receipt to confirm the transaction (ie an order confirmation page) or receives a notification error reporting a problem with the processing of their transaction in accordance with retail site rules and policies It is preferable.
[0095]
The purchaser then follows the download instructions embedded in the receipt for the book they purchased in accordance with the rules and policies established by the retail site. (For example, the receipt may include a hyperlink that the user should click to initiate an eBook download). After downloading eBook, it can be opened for reading by reader 92.
[0096]
<Reading books with multiple readers>
Consumers expect to be able to read titles on multiple reading platforms such as desktop PCs, laptops, palmtops or eBook devices. The DRM system of the present invention provides for such usage. As part of the DRM system, publishers, distributors and merchants can be holders of symmetric keys used to encrypt eBook titles. Preferably, one key is used for each title or SKU / ISBN / EAN. The symmetric key is required to open the title and is embedded in the license / DRM stream at the time of purchase. The process of encrypting the symmetric key and then embedding is referred to herein as “sealing”. The symmetric key can be encrypted using the public key associated with the consumer's activation authentication key pair, or in the case of source and individually sealed copies, with a cryptographic hash of the metadata.
[0097]
In order to read a title encrypted by a plurality of readers 92, the instance of the reader 92 needs to be able to access the symmetric key 14A embedded in the license / DRM stream of the title. For protected titles that are not fully personalized for a person (eg, level 2, 3 or 4 titles), use the title metadata (eg, hash) to open the symmetric key 14A. Access to the symmetric key 14A is accomplished, possibly by decryption, which is preferably done by the DRM manager 80. In this scenario, the title merchant / distributor may use a symmetric key 14A with a cryptographic hash generated programmatically from a hash of the title's metadata (for example, a level 3 title may include the name of the legal owner). Is encrypted. Reader 92 and / or DRM manager 80 then opens the symmetric key using the same hash algorithm. Because the new metadata produces a different hash, the reader software will not be able to decrypt / open the symmetric key 14A, so that users who tamper with the content of the title metadata will not be able to read the eBook title.
[0098]
In the case of a fully personalized (level 5) title, the symmetric key 14A is encrypted with the user's activation authentication public key, inserted into the license, and the license is stored in the DRM storage 14 in the stream 14A prior to downloading. Inserted (see FIG. 4). As described above, each reader 92 activated for a particular person has activation authentication that includes a public / private key pair associated with that person. Therefore, the title can be read by an arbitrary reader 92 activated for a specific person. As described above, the activation authentication is acquired during the activation process. The aforementioned “license”, which will be described in more detail below, is a structure that defines the right that a consumer can exercise when purchasing content, and if present, also includes a content key (ie, a symmetric key).
[0099]
The client architecture 90 'is stored when the activation authentication private key is stored in encrypted form and is obtained by applying the public key to the encrypted private key using the secure repository 82, as described above. By applying the secret key from the activation authentication, the encrypted symmetric key included in the license of the level 5 title is decrypted. Confirming that the reader 92 has been activated using the proof that the level 5 title has been created accordingly (ie, a person), and further to allow the user to read the title with multiple readers 92 No action is required.
[0100]
Further, even in the case of a level 5 title, the operation of confirming that the reader is activated for the correct person is performed implicitly. That is, if the reader 92 is not activated for a person associated with a level 5 title, the reader 92 can access the symmetric key 14A required to decrypt the content stream 16 You do not have access to activation authentication (and its private key). All level 5 titles purchased for the reader 92 encrypt their content keys against the public key included in the activation authentication associated with the reader / person.
[0101]
When the user installs or purchases another reader 92, the user activates the new reader with the same person and the same activation authentication (or more precisely, the secret key is new as described above). Only an equivalent activation certificate with the same public / private key that is encrypted with the public key of the secure repository present in the secure reading device / installation.
[0102]
Another variant for obtaining the symmetric key 14A is by an open card. Each open card includes a key or key pair to which the title is sealed. If the user wishes to read the same title with a different reader 92, the reader 92 must be installed on a device having an open card slot. Thus, the title becomes automatically readable when the user inserts an open card into the device. Thus, since the title is actually tied to the card rather than a specific activation authentication and / or person, a special process is required if the user wishes to read an open card based title with multiple readers 92 Not.
[0103]
<Update or exchange of reader>
When a user loses, replaces or updates his or her reader, it is important that the user can read previously purchased titles (eg, level 5 titles) with the new reader. According to one aspect of the present invention, the same mechanism that allows a user to read with multiple readers 92 is used to allow the user to read previously purchased content with a new reader 92. That is, the new reader 92 obtains necessary activation authentication (activation authentication with a key pair included in the previous activation authentication issued to the user's person).
[0104]
The update / exchange process is simplified by limiting the number of activations of the reader 92 by the method described above. If the user does not exceed the applicable limit for activation, the new / update / exchange reader 92 can be activated as if it were activating another one of several readers owned by the user It is. The user can “cancel” the activation of the old reader by deleting the activation authentication, but the activation authentication (eg the activation server with which the user contacts to obtain the activation authentication and secure repository 82) Doing so does not necessarily increase the number of effective activations for a particular person, since it is not necessary to verify in any way that is deleted or not recoverably backed up. Thus, in one embodiment of the present invention, deleting activation authentication does not “reset” the environmental restrictions on new activations for a particular person.
[0105]
<Recover lost or damaged title>
The user can back up the title, for example, by copying the eBook file 10 to the removable magnetic disk 29, the optical disk 31, or a removable non-volatile memory card. If a title on the primary storage device of a particular reading device is lost or damaged, the title can be restored from the backup storage device. However, if the title is not backed up for some reason, it can be recovered by obtaining a lost or damaged title from a retail store. For example, an eBook ("LIT") that retains a receipt page from a title purchase (ie, a page containing a download link), simply "revisits" the link and connects to the download server to instantiate the title. A new copy of file 10 can be obtained. Users can keep their receipts locally or alternately, and retail stores can choose to provide a service that stores their receipts on the retail store's servers.
[0106]
However, in a preferred embodiment of the present invention, the receipt is valid so that if the download link is clicked more than a predetermined number of times after it has been issued (eg within one hour), the download server will refuse to download the title. There is a deadline (e.g., the cryptographic blob associated with the link you click to contact the download server can introduce an expiration date there). In this case, the retail store can keep a purchase record and provide a new copy of the receipt / download link. In order to recover a lost or damaged eBook title, the user must connect to the merchant from which the eBook title was purchased. After the user is identified, the merchant site presents the user with a list of receipts from which the user will select the appropriate receipt.
[0107]
The user can then locate the title he wants to recover and click on the link provided for download. Any restrictions need to be removed from the merchant site so that the user can download the lost eBook title again. Since the user was always free to copy the title from device to device, it is generally not necessary for the merchant to restrict the re-downloading of the title (it goes without saying that the level 5 title is not the person who purchased the title). Subject to the condition that it does not work with a reader activated for a person), so re-download restrictions on titles do not provide additional copy protection. However, since the merchant can view redownload as a service that the merchant wants to collect fees for, the decision to grant the free “redownload” privilege is at the merchant's discretion.
[0108]
<Support for multiple activation readers on the same PC>
Readers for laptops and desktop PCs are preferably designed to support multiple users sharing the same computer. If the user has a different local account for the shared PC, the reader can store user-specific data in the appropriate user data space supported by the respective profile and “current user” registry values. . For example, the eBook file 10 can be stored for each user in a directory logically included in the top level directory for the profile of the corresponding user. In the case of an activation process, that process causes the activated reader 92 and the downloaded component (eg, secure repository 82 and activation authentication) to execute the current user (eg, MICROSOFT WINDOWS® NT operating system). It can be confirmed that it is tied to the current login user on the workstation.
[0109]
Further, when the reader is activated, the reader can display the PASSPORT (trademark) name of the user for which the reader is activated, for example, on a splash screen or a high-speed setting page. On the high-speed setting page, the PASSPORT (trademark) name for the user who last activated the reader is displayed directly above the activation link. This takes into account proper handling by the client-side web commerce object 86 for activation authentication as well as uploading an encrypted PASSPORT ™ ID during the shopping process for fully personalized titles (level 5 protection). .
[0110]
The process that allows multiple users to launch the same reader 92 on an exemplary shared system is as follows. The reader will check whether it has been activated through startup. This check is performed by checking the ActivationComplete RegKey based on HKEY_CURRENT_USER / software / Microsoft / eBook. Since this RegKey is described for the HKCU branch, it ensures that it is user-specific and tied to the username that is currently logged on on the computer. If this RegKey is not found or is not set to 1 (that is, if activation is successful), the user activates the reader according to the process as described above. After the download is complete, the launch ACTIVEX control 84 queries the operating system for the username for the currently logged on user on the PC. If the user name is not returned, “DefaultUser” is assumed as the user name.
[0111]
The ACTIVEX control 84 then queries the registry to determine where the reader was installed. A directory is then created based on the MS Reader installation directory that will be named / <username> / secure repository (<username> determined by operating system query). Once the directory is created, ACTIVEX control 82 will use HKCU /. . / EBook / Occupy a secure repository key. In that directory, ACTIVEX control 84 installs secure repository 82 and activation authentication. Next, the secure repository 82 is executed with the “install” parameter for self-recording of the secure repository 82. Assuming all the above steps have been successful, ACTIVEX control 84 records the Activation Complete RegKey.
[0112]
<License format>
An example license used for each fully personalized title download is shown below. A license is a construct that defines the rights that can be exercised when a user purchases a title, in addition to defining the requirements for opening the symmetric key and exercising the rights. Examples of “rights” that can be expressed in a license include display of the content (eg, reading it on a PC monitor in the case of text content), printing the content, or copying and pasting a portion of the content Is mentioned. It will be appreciated that the exemplary license format is not intended to limit the scope of the present invention, and that other licenses with more or less information are possible.
[0113]
The language selected to represent the license is preferably XML and the license format is preferably based on the Extended Rights Marked Language (XrML) standard. This is a marked language suitable for flexibly describing usage rights. XrML provides a high level of interoperability and will also support any technology investment in components that generate these licenses and manage them for long-term use. In the preferred embodiment, only those specified in the license are granted a license (ie, denied if no grant of rights is specified). However, those skilled in the art will appreciate that other mechanisms are possible, such as default rights being assumed, unless a refusal or modification is explicitly stated in the license.
[0114]
The top level tags in the collapsed format are as follows.
[0115]
[Table 1]

[0116]
[Table 2]

[0117]
The first line of the above XrML structure defines the version of the XML language that is used to create the XrML license. The second line specifies the name of the DTD file that is used to parse the XML file. The BODY tag presents the type of license, the version of the XrML standard that was used when the license was generated, and the date when it was issued. It is a meta tag for the entire license and has the following subsections: WORK, LICENSOR, LICENSED PRINCIPALS and SIGNURE. WORK contains all semantic information about the license, including usage rights. The contents of this field (including tags) constitute hashed and signed data. LICENSOR contains information related to the entity that issued the license, typically a retail store. LICENSEDPRINCIPALS includes a set of principles that must be authenticated when exercising the usage rights specified in the license.
[0118]
SIGNATURE contains information about how the hash was created, including the LICENSEBODY hash / digest, as well as the algorithm used. It also includes DIGEST encrypted according to the algorithm named by the licensor when issuing the license. The DIGEST and SIGNATURE tags present authentication information that is used to verify the entire license in a way that cannot be improved.
<Structure of BODY tag>
The main tag of the XrML license construct is the BODY tag, which includes the following tags:
[0119]
[Table 3]

[0120]
[Table 4]

[0121]
[Table 5]

[0122]
[Table 6]

[0123]
[Table 7]

[0124]
[Table 8]

[0125]
[Table 9]

[0126]
[Table 10]

[0127]
[Table 11]

[0128]
[Table 12]

[0129]
[Table 13]

[0130]
<License authentication>
The secure repository 82 authenticates the license via the SIGNATURE and DIGEST tags. This allows the client software to verify that the displayed content is from a trusted source. More detailed examples of these tags are presented below.
[0131]
[Table 14]

[0132]
It will be appreciated that the foregoing example has been presented for purposes of illustration only and should not be construed as limiting the invention in any way. Although the present invention has been described with reference to various embodiments, it is understood that the terminology used herein is for the purpose of description and illustration and not for limitation. Furthermore, although the invention has been described herein with reference to specific means, materials and embodiments, the invention is not limited to the specifics disclosed herein, but is within the scope of the appended claims. To all functionally equivalent structures, methods and applications. Those skilled in the art who have the benefit of the teachings herein will be able to accomplish many modifications thereto and make changes to the embodiments without departing from the scope and spirit of the invention.
[Brief description of the drawings]
FIG. 1 is a block diagram illustrating an exemplary computing environment in which aspects of the invention may be implemented.
FIG. 2 is a block diagram of a first embodiment of a client architecture for implementing aspects of a digital rights management system according to the present invention.
FIG. 3 is a block diagram of a second embodiment of a client architecture for implementing aspects of the digital rights management system according to the present invention.
FIG. 4 shows a typical electronic book (eBook) title file format.
FIG. 5 is a flowchart showing reader activation processing.
FIG. 6 is a flow diagram illustrating an exemplary process for selecting, obtaining and reading an eBook using a digital rights management system according to the present invention.

Claims (6)

A computing device configured to communicate over a network infrastructure,
A memory in which first data is stored;
Here, the first data includes encrypted information and information having a symmetric key encrypted in relation to a secret key for activation authentication,
A management module capable of accessing the first data stored in the memory by accessing any of a plurality of applications;
Means for generating a secure repository and a secret key for the activation authentication unique to the management module during the activation process of the management module by accessing any of a plurality of applications;
The management module is activated by accessing the first data using the secure repository and decrypting the encrypted symmetric key of the first data using the activation authentication private key And means for reading the first data including the information using a management module whose activation has been authenticated by accessing one of a plurality of applications. A featured computing device. Said first data includes information you related to the user or transaction, the information is claim 1, characterized in that it is used by the management module the computing device is returned to the rendering application by The computing device described. The computing device of claim 2, wherein the information related to the user or transaction is selected from the group consisting of a user name, a credit card number and a receipt number.   The computing device of claim 1, wherein the management module authenticates the rendering application before returning the first data. The management module can interface with a secure repository that can be received via the network infrastructure,
The computing device according to claim 1, wherein the secure repository applies a key to second data. 6. The computing device of claim 5, wherein the second data comprises a key for decrypting the first data .

Images